I am an MS guy (2 MCSE tracks, admin > 20 MS servers), but I always advocate separating the VPN from the server environment. If your VPN is dependent on a server being up, then when it is down, you cannot remotely diagnose the problem.
You can upgrade the router, or possibly put a PIX 501 or 506E behind it. If you have > 1 legitimate IP, I would probably look at using them to route to the PIX behind the router.